Many venues, such as hotels, conference centers, and concert and sports venues, support wired and/or wireless communications services (e.g., Internet access) for various types of users, including guests, employees, and others. The venues often try to control user access to communications services in various ways, including by charging for access or by affecting resource provision to the user (e.g., traffic shaping, offering tiered services, etc.). For example, when a guest stays at a hotel, he may desire to access the Internet from his laptop computer. When he first connects and opens his browser (or tries to enter an Internet address in the browser), he can be presented with a “captive portal” (e.g., a purchase page) that allows him to select a usage plan, pay for services, etc. He is allowed to access some or all communications services only after accepting certain terms of use, paying for services, and/or otherwise becoming authorized.
Traditional approaches involve installing one or more expensive, highly configured gateways on-site at the venue. Access requests from user devices are received by the gateway. In some traditional implementations, the gateway serves its own captive portal page and acts as an on-site purchase engine. In other traditional implementations, the gateway redirects requests to force unauthorized users to a remotely served captive portal page. For example, the request packets are modified with a new destination address that is the address of the captive portal page. User devices can then become authorized via the captive portal page. Requests from authorized users are allowed to proceed to the Internet.